I'm looking to further my career and move towards IT Security. People keep mentioning doing the IT Security+ but I've heard good and bad things about it. Some say it's not worth the paper it's written on. Others have told me to take the postgrad route? Which is the best way in?

57 Replies

This is completely dependent on your current position and experience, where you want to go with your career and what types of jobs you are interested in. Each has their place career-wise and none have any intrinsic value. CompTIA tests, on their own, are absolute garbage. They aren't written by people that many of us would consider for interns but they have deep pockets and lots of market recognition by people who didn't take them themselves.

Skip it and go straight CISSP if you are serious about starting down the security track. That will be a gateway to a whole world of certs and master's programs. SANS just started a master's program you may want to look into: www.sans.org. They can also help you get your CISSP or you can self-study; I recommend about 3 months of studying and the Shon Harris book.

Another tidbit of advice: ask people what they are hiring. Look at Monster and Dice and see what the prerequisites are for the positions you want. I like being smart about things and consolidating effort. Some certs have the weight of many others. The CISSP I mentioned has a lot of weight and isn't overly hard, it is just tricky. The GIAC master's program is nice because you get to earn certs along the way, it is kind of like getting a master's through certification :)

My long term goal is digital forensics, possibly working with the police? I've seen a few positions that I think I would enjoy. Don't you have to be in an IT security role for 7 years before you can take the CISSP?

You can take the CISSP with any level of experience, you are considered an associate if you cannot fulfill the prerequisites. But you get transitioned into a full CISSP when you fill those. It is easy to hit though, pretty much anything you have done counts. It is 4 years in one of the domains, I have friends who aren't even IT guys who have it.

Digital Forensics. That is an interesting field, I had the option to get into that but ended up deciding against it. The child porn part would have been hard on my mental status, which is a large amount of their cases in this part of the country. Look at EnCase certifications. That will most likely be the suite you will use if hired, and if you already have your cert, you are a shoo-in at insurance and police agencies.

Something you could do is get an EnCase cert ($$$) then apply to be a police officer, you would move up in the ranks REALLY fast. (I used to work for a state police department, they wanted a Security IT officer sooooo bad)

I started off getting the A+ and Net+ certs. While I don't really feel like I retained much of value from them they did seem to make me a bit more marketable than without them. It at least shows that you're willing to put time and money into the career field to potential employers and have at least a very basic understanding of computers.

If you're an experienced IT professional already with better certs, previous IT positions on your resume, and/or formal education in the field, I would assume that those certs would mostly be a complete waste of your time.

Thanks, good to know. I wanted to get my CISSP and still plan to but was put off a bit by the requirements listed on the all in one study guide I bought and figured I wouldn't even be eligible to take it for some time to come. Maybe I'll put it back on my to-do list in the not too far away future.

My long term goal is digital forensics, possibly working with the police? I've seen a few positions that I think I would enjoy. Don't you have to be in an IT security role for 7 years before you can take the CISSP?

If a gov't position is your goal, I'd think that a degree would be the best place to start. Just guessing but it seems that way to me. Get a tech degree directly in digital forensics. I think that my school, RIT, has a masters program for that.

I took the Security+ mostly because I didn't have a security cert and I needed one to get into the master's degree program I wanted to start. I didn't find it to be a true measure of what I really know about security. It was a good review of some things that I use infrequently though.

I'm working through A+ (701 and 702) at the moment, Scott, your comments aren't very encouraging! But, based on your level of knowledge, experience and the fact that you need something like the Great Wall of China to hang all your certificates I suppose it's justifiable.

I've absolutely no illusions whatsoever that I'll go straight into a mega-paid job after getting certified. I've a lot of experience but I wanted to consolidate it and fill in the gaps by doing some courses. CompTIA A+ just seemed like a logical place to start to me.

A+ pretty much typecasts you as a basic helpdesk/computer repair tech. Non-techies have no clue what it means and computer geeks won't be impressed. Not worth the time and effort unless you're just starting out.

Network+ looks good on paper, but it's embarrassingly easy. (At my old job, for example, we would make bets on who could complete it the fastest. My time was just over eleven minutes.) Worth taking just for some recognition as a Network Administrator but you won't get anything out of it.

Security+ is probably the best of the three because it sounds the most impressive. I actually don't have this one, but was considering getting it just because it looks and sounds good on a resume.

The important thing to remember is that CompTIA previously had lifetime certs but recently changed this. After an uproar by current cert holders, they revised their stance and declared that previously issued certifications would continue to be lifetime certifications but newly issued ones would now have to be renewed every three years. There is a grace period up through the end of the year for those currently studying, so if you're considering ever becoming CompTIA certified go ahead and test out before the year's up.

A+ pretty much typecasts you as a basic helpdesk/computer repair tech. Non-techies have no clue what it means and computer geeks won't be impressed. Not worth the time and effort unless you're just starting out.

It's considered the Geek Squad cert. Only required by jobs that you don't want. Any job that wants it, you don't want. Consider it a yardstick by which to measure the company.